# Mobile Contract

The mobile app must stay metadata-driven where the backend owns operational truth.

## Country metadata

Use:

- `GET /mobile/countries`
- `GET /mobile/countries/{iso2}`
- `GET /mobile/countries/{iso2}/service-catalog`

The mobile app should not hard-code phone prefix length, national number length, operators, operator logos, currency, or service availability.

## Onboarding

The registration path is:

1. Country and phone input.
2. OTP issue.
3. OTP verification.
4. PIN creation.
5. Register with `otpToken`.
6. Wallet provisioning status.

Email is optional. Phone number is the primary identity.

## Runtime unavailable states

If a feature is disabled in `/mobile/readiness` or the service catalog, the UI should show an honest unavailable state and optionally call `POST /mobile/feature-interest`.

## Release build rule

Profile and release mobile builds must pass:

```text
--dart-define=API_BASE_URL=https://sandbox-heritagepay-api.paypm.net/api/v1
```

Release builds reject missing or non-HTTPS API URLs.
